cms_scanner 0.12.2 → 0.13.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/core.rb +1 -1
- data/app/controllers/core/cli_options.rb +2 -1
- data/app/views/json/scan_aborted.erb +1 -0
- data/lib/cms_scanner/errors/http.rb +1 -1
- data/lib/cms_scanner/finders/finder/enumerator.rb +2 -0
- data/lib/cms_scanner/references.rb +1 -1
- data/lib/cms_scanner/scan.rb +9 -5
- data/lib/cms_scanner/target/server/generic.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability.rb +8 -6
- metadata +26 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23e6eef37dbbfd36110bddad6591acf10944b131eb693bbdef24ef52d9a597b1
|
|
4
|
+
data.tar.gz: 4857f7c2489169d3e25f813a4df6a7389e6dea566299e35ea37be35007770e49
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: da8668532581efc8ba6db9e8ef941573674c972319846c65cf2ed6ad2d3f63ef72f9a474385e0050cd7e47468fae9edabb3fbb49a5670975927efbbd9c1dad15
|
|
7
|
+
data.tar.gz: 5e28da01a72d5ae5478040dd47202001fb1849e25080ebac690a23ca20b692c40957b1218588fe15407483e5f4a7e29e2c153a7454cf79b0c165a269d8d694c5
|
data/app/controllers/core.rb
CHANGED
|
@@ -43,7 +43,7 @@ module CMSScanner
|
|
|
43
43
|
when 401
|
|
44
44
|
raise Error::HTTPAuthRequired
|
|
45
45
|
when 403
|
|
46
|
-
raise Error::AccessForbidden, NS::ParsedCli.random_user_agent
|
|
46
|
+
raise Error::AccessForbidden, NS::ParsedCli.random_user_agent unless NS::ParsedCli.force
|
|
47
47
|
when 407
|
|
48
48
|
raise Error::ProxyAuthRequired
|
|
49
49
|
end
|
|
@@ -10,7 +10,8 @@ module CMSScanner
|
|
|
10
10
|
[
|
|
11
11
|
OptURL.new(['-u', '--url URL', 'The URL to scan'],
|
|
12
12
|
required_unless: %i[help hh version],
|
|
13
|
-
default_protocol: 'http')
|
|
13
|
+
default_protocol: 'http'),
|
|
14
|
+
OptBoolean.new(['--force', 'Do not check if target returns a 403'])
|
|
14
15
|
] + mixed_cli_options + [
|
|
15
16
|
OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
|
|
16
17
|
OptChoice.new(['-f', '--format FORMAT',
|
|
@@ -44,7 +44,7 @@ module CMSScanner
|
|
|
44
44
|
|
|
45
45
|
def to_s
|
|
46
46
|
msg = if random_user_agent_used
|
|
47
|
-
'Well... --random-user-agent didn\'t work,
|
|
47
|
+
'Well... --random-user-agent didn\'t work, use --force to skip this check if needed.'
|
|
48
48
|
else
|
|
49
49
|
'Please re-try with --random-user-agent'
|
|
50
50
|
end
|
|
@@ -59,6 +59,8 @@ module CMSScanner
|
|
|
59
59
|
|
|
60
60
|
full_res = NS::Browser.get(head_res.effective_url, full_request_params)
|
|
61
61
|
|
|
62
|
+
return unless valid_response_codes.include?(full_res.code)
|
|
63
|
+
|
|
62
64
|
return if target.homepage_or_404?(full_res) ||
|
|
63
65
|
opts[:exclude_content] && full_res.body&.match(opts[:exclude_content])
|
|
64
66
|
|
|
@@ -86,7 +86,7 @@ module CMSScanner
|
|
|
86
86
|
|
|
87
87
|
# @return [ String ] The URL to the metasploit module page
|
|
88
88
|
def msf_url(mod)
|
|
89
|
-
"https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
|
|
89
|
+
"https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}/"
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
# @return [ Array<String> ] The Packetstormsecurity IDs
|
data/lib/cms_scanner/scan.rb
CHANGED
|
@@ -29,11 +29,15 @@ module CMSScanner
|
|
|
29
29
|
rescue NoMemoryError, ScriptError, SecurityError, SignalException, StandardError, SystemStackError => e
|
|
30
30
|
@run_error = e
|
|
31
31
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
32
|
+
output_params = {
|
|
33
|
+
reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
|
|
34
|
+
trace: e.backtrace,
|
|
35
|
+
verbose: NS::ParsedCli.verbose || run_error_exit_code == NS::ExitCode::EXCEPTION
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
output_params[:url] = controllers.first.target.url if NS::ParsedCli.url
|
|
39
|
+
|
|
40
|
+
formatter.output('@scan_aborted', output_params)
|
|
37
41
|
ensure
|
|
38
42
|
formatter.beautify
|
|
39
43
|
end
|
|
@@ -41,7 +41,7 @@ module CMSScanner
|
|
|
41
41
|
def directory_listing?(path = nil, params = {})
|
|
42
42
|
res = NS::Browser.get(url(path), params)
|
|
43
43
|
|
|
44
|
-
res.code == 200 && res.body.include?('<h1>Index of')
|
|
44
|
+
res.code == 200 && res.body.include?('<h1>Index of')
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
# @param [ String ] path
|
data/lib/cms_scanner/version.rb
CHANGED
|
@@ -5,7 +5,7 @@ module CMSScanner
|
|
|
5
5
|
class Vulnerability
|
|
6
6
|
include References
|
|
7
7
|
|
|
8
|
-
attr_reader :title, :type, :fixed_in, :cvss
|
|
8
|
+
attr_reader :title, :type, :fixed_in, :introduced_in, :cvss
|
|
9
9
|
|
|
10
10
|
# @param [ String ] title
|
|
11
11
|
# @param [ Hash ] references
|
|
@@ -18,14 +18,16 @@ module CMSScanner
|
|
|
18
18
|
# @option references [ Array<String> ] :youtube
|
|
19
19
|
# @param [ String ] type
|
|
20
20
|
# @param [ String ] fixed_in
|
|
21
|
+
# @param [ String ] introduced_in
|
|
21
22
|
# @param [ HashSymbol ] cvss
|
|
22
23
|
# @option cvss [ String ] :score
|
|
23
24
|
# @option cvss [ String ] :vector
|
|
24
|
-
def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
|
|
25
|
-
@title
|
|
26
|
-
@type
|
|
27
|
-
@fixed_in
|
|
28
|
-
@
|
|
25
|
+
def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil)
|
|
26
|
+
@title = title
|
|
27
|
+
@type = type
|
|
28
|
+
@fixed_in = fixed_in
|
|
29
|
+
@introduced_in = introduced_in
|
|
30
|
+
@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
|
|
29
31
|
|
|
30
32
|
self.references = references
|
|
31
33
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.13.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: get_process_mem
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.9.
|
|
47
|
+
version: 1.9.4
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.9.
|
|
54
|
+
version: 1.9.4
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: public_suffix
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,6 +106,20 @@ dependencies:
|
|
|
106
106
|
- - "<"
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: '1.5'
|
|
109
|
+
- !ruby/object:Gem::Dependency
|
|
110
|
+
name: ethon
|
|
111
|
+
requirement: !ruby/object:Gem::Requirement
|
|
112
|
+
requirements:
|
|
113
|
+
- - "~>"
|
|
114
|
+
- !ruby/object:Gem::Version
|
|
115
|
+
version: 0.14.0
|
|
116
|
+
type: :runtime
|
|
117
|
+
prerelease: false
|
|
118
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
119
|
+
requirements:
|
|
120
|
+
- - "~>"
|
|
121
|
+
- !ruby/object:Gem::Version
|
|
122
|
+
version: 0.14.0
|
|
109
123
|
- !ruby/object:Gem::Dependency
|
|
110
124
|
name: xmlrpc
|
|
111
125
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -210,28 +224,28 @@ dependencies:
|
|
|
210
224
|
requirements:
|
|
211
225
|
- - "~>"
|
|
212
226
|
- !ruby/object:Gem::Version
|
|
213
|
-
version: 1.
|
|
227
|
+
version: 1.13.0
|
|
214
228
|
type: :development
|
|
215
229
|
prerelease: false
|
|
216
230
|
version_requirements: !ruby/object:Gem::Requirement
|
|
217
231
|
requirements:
|
|
218
232
|
- - "~>"
|
|
219
233
|
- !ruby/object:Gem::Version
|
|
220
|
-
version: 1.
|
|
234
|
+
version: 1.13.0
|
|
221
235
|
- !ruby/object:Gem::Dependency
|
|
222
236
|
name: rubocop-performance
|
|
223
237
|
requirement: !ruby/object:Gem::Requirement
|
|
224
238
|
requirements:
|
|
225
239
|
- - "~>"
|
|
226
240
|
- !ruby/object:Gem::Version
|
|
227
|
-
version: 1.
|
|
241
|
+
version: 1.11.0
|
|
228
242
|
type: :development
|
|
229
243
|
prerelease: false
|
|
230
244
|
version_requirements: !ruby/object:Gem::Requirement
|
|
231
245
|
requirements:
|
|
232
246
|
- - "~>"
|
|
233
247
|
- !ruby/object:Gem::Version
|
|
234
|
-
version: 1.
|
|
248
|
+
version: 1.11.0
|
|
235
249
|
- !ruby/object:Gem::Dependency
|
|
236
250
|
name: simplecov
|
|
237
251
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,17 +280,17 @@ dependencies:
|
|
|
266
280
|
requirements:
|
|
267
281
|
- - "~>"
|
|
268
282
|
- !ruby/object:Gem::Version
|
|
269
|
-
version: 3.
|
|
283
|
+
version: 3.12.0
|
|
270
284
|
type: :development
|
|
271
285
|
prerelease: false
|
|
272
286
|
version_requirements: !ruby/object:Gem::Requirement
|
|
273
287
|
requirements:
|
|
274
288
|
- - "~>"
|
|
275
289
|
- !ruby/object:Gem::Version
|
|
276
|
-
version: 3.
|
|
290
|
+
version: 3.12.0
|
|
277
291
|
description: Framework to provide an easy way to implement CMS Scanners
|
|
278
292
|
email:
|
|
279
|
-
-
|
|
293
|
+
- contact@wpscan.com
|
|
280
294
|
executables: []
|
|
281
295
|
extensions: []
|
|
282
296
|
extra_rdoc_files: []
|
|
@@ -393,7 +407,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
393
407
|
- !ruby/object:Gem::Version
|
|
394
408
|
version: '0'
|
|
395
409
|
requirements: []
|
|
396
|
-
rubygems_version: 3.0.3
|
|
410
|
+
rubygems_version: 3.0.3.1
|
|
397
411
|
signing_key:
|
|
398
412
|
specification_version: 4
|
|
399
413
|
summary: CMS Scanner Framework (experimental)
|